hearthstone-linux VS systemd

Furthermore, because you didn't name Distrobox, is it fair to assume that you're not making use of it? Back when I started, I didn't know much about Nix. So my go-to (when a flatpak didn't exist) was to go directly for a distrobox with a custom home folder (at least I could get rid of everything contained within when I felt like it). And I'd argue it has been instrumental in easing the experience until I got more comfortable with how Silverblue is used. Heck, even now I've got a dedicated Arch-distrobox with Wine for the times Bottles fails me. I also just recently made another Arch-distrobox for a native install of HearthStone for some experimentation with getting the Deck Tracker to work in it while all being properly confined (still WIP). I can't remember the amount of times I tried some random stuff in a(n ephemeral) distrobox (like installing cmatrix for the heck of it), get some enjoyment/fulfillment out of it and just continue with my life afterwards. I feel like with Distrobox, you'd have a much easier time on Silverblue. At times you can afford to rethink/relearn your ways to do it more accordance to the 'Silverblue-way'; one-step-at-a-time. But sometimes you can't, or for some reason it just doesn't seem to work. For such cases, instead of reverting back to Workstation, you should instead use Distrobox to get the work done.

i followed this guide https://github.com/0xf4b1/hearthstone-linux, and it worked perfectly for some months, but now whenever i start hearthstone it wont let me log in and im met with this message:

You can easily install it using lutris or you can even install it without using wine/lutris https://github.com/0xf4b1/hearthstone-linux

The OSX version of HearthStone uses the Unity engine, using the Unity/OSX version it is possible to get Hearthstone running on Linux without wine or similar compatibility/virtualization layers.

You actually CAN use decktracker if you install it via lutris contrary to what some people say here. Google arena tracker, works good enough. But here is another issue, I don't know how for others, but for me game might suddenly just get stuck, and moreover you won't be able to get back instantly because battle.net takes so much to launch on lutris. It happens really rare. But when it happens on 10-2 arena run or when you are 2 stars from legend... You could also install it as native game which works absolutely flawlessly, https://github.com/0xf4b1/hearthstone-linux, but here you won't be able to use decktracker ( at least I don't know how, if you know how, I'll be happy know )

> 3. even `adduser` will not allow it by default

5. useradd does allow it (as noted in a comment). 6. Local users are not the only source, there things like LDAP and AD.

7. POSIX allows it:

* https://github.com/systemd/systemd/issues/6237#issuecomment-...

> I for one love to type out 13 extra characters

FWIW, systemd is normally pretty good at providing autocomplete suggestions, so even if you don't want to set up an alias you'll probably just have to type `--b ` to set it.

> I wonder what random ASCII escape sequences we can send.

According to the man page source[0]:

> The color specified should be an ANSI X3.64 SGR background color, i.e. strings such as `40`, `41`, …, `47`, `48;2;…`, `48;5;…`

and a link to the relevant Wikipedia page[1]. Given systemd's generally decent track record wrt defects and security issues, and the simplicity of valid colour values, I expect there's a fairly robust parameter verifier in there.

In fact, given the focus on starting the elevated command in a highly controlled environment, I'd expect the colour codes to be output to the originating terminal, not forwarded to the secure pty. That way, the only thing malformed escapes can affect is your own process, which you already have full control over anyway.

(Happy to be shown if that's a mistaken expectation though.)

[0] https://github.com/systemd/systemd/blob/main/man/run0.xml

[1] https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_(Select_G...

bash & zsh are supported by upstream: https://github.com/systemd/systemd/tree/main/shell-completio...

the right person to replace sudo, not: https://github.com/systemd/systemd/issues/6237

PS: https://pwnies.com/systemd-bugs/

https://github.com/systemd/systemd/issues/32028#issuecomment...

There are some very compelling arguments made there if you care to read them

Maybe it was because you weren't pointing out anything new?

There was a pull request to stop linking libzma to systemd before the attack even took place

https://github.com/systemd/systemd/pull/31550

This was likely one of many things that pushed the attackers to work faster, and forced them into making mistakes.

The PR for changing compression libraries to use dlopen() was opened several weeks before the xz-utils backdoor was revealed.

https://github.com/systemd/systemd/pull/31550

I find this the most plausible explanation by far:

* The highly professional outfit simply did not see teknoraver's commit to remove liblzma as standard dependency of systemd build scripts coming.

* The race was on between their compromised code and that commit. They had to win it, with as large a window as possible.

* This caused serious errors.

* The performance regression is __not__ big. It's lucky Andres caught it at all. It's also not necessarily all that simple to remove it. It's not simply a bug in a loop or some such.

* The payload of the 'hack' contains fairly easy ways for the xz hackers to update the payload. They actually used it to remove a real issue where their hackery causes issues with valgrind that might lead to discovering it, and they also used it to release 5.6.1 which rewrites significant chunks; I've as yet not read, nor know of any analysis, as to why they changed so much.

Extra info for those who don't know:

https://github.com/systemd/systemd/commit/3fc72d54132151c131...

That's a commit that changes how liblzma is a dependency of systemd. Not because the author of this commit knew anything was wrong with it. But, pretty much entirely by accident (although removing deps was part of the point of that commit), almost entirely eliminates the value of all those 2 years of hard work.

And that was with the finish line in sight for the xz hackers: On 24 feb 2024, the xz hackers release liblzma 5.6.0 which is the first fully operational compromised version. __12 days later systemd merges a commit that means it won't work__.

So now the race is on. Can they get 5.6.0 integrated into stable releases of major OSes _before_ teknoraver's commit that removes liblzma's status as direct dep of systemd?

I find it plausible that they knew about teknoraver's commit _just before_ Feb 24th 2024 (when liblzma v5.6.0 was released, the first backdoored release), and rushed to release ASAP, before doing the testing you describe. Buoyed by their efforts to add ways to update the payload which they indeed used - March 8th (after teknoraver's commit was accepted) it was used to fix the valgrind issue.

So, no, I don't find this weird, and I don't think the amateurish aspects should be taken as some sort of indication that parts of the outfit were amateuristic. As long as it's plausible that the amateuristic aspects were simply due to time pressure, it sounds like a really bad idea to make assumptions in this regard.